core_rpc_server: fix overreads in slow_memmem

It would read data outside the allocated space in a couple cases.
author: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2014-10-06 10:27:34 +0100
committer: moneromooo-monero <moneromooo-monero@users.noreply.github.com> 2014-10-06 14:57:49 +0100
commit: add803be89c1538d4b98d3fc0e25930b96a78fb2 (patch)
tree: 1c714af754522b7374afcb046db8940dff6cebd1 /src/rpc/core_rpc_server.cpp
parent: Merge pull request #170 (diff)
download: monero-add803be89c1538d4b98d3fc0e25930b96a78fb2.tar.xz
1 files changed, 10 insertions, 8 deletions
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index e80451cda..97795801c 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -398,17 +398,19 @@ namespace cryptonote
     return true;
   }
   //------------------------------------------------------------------------------------------------------------------------------
-  uint64_t slow_memmem(void* start_buff, size_t buflen,void* pat,size_t patlen)
+  // equivalent of strstr, but with arbitrary bytes (ie, NULs)
+  // This does not differentiate between "not found" and "found at offset 0"
+  uint64_t slow_memmem(const void* start_buff, size_t buflen,const void* pat,size_t patlen)
   {
-    void* buf = start_buff;
-    void* end=(char*)buf+buflen-patlen;
-    while((buf=memchr(buf,((char*)pat)[0],buflen)))
+    const void* buf = start_buff;
+    const void* end=(const char*)buf+buflen;
+    if (patlen > buflen || patlen == 0) return 0;
+    while(buflen>0 && (buf=memchr(buf,((const char*)pat)[0],buflen-patlen+1)))
     {
-      if(buf>end)
-        return 0;
       if(memcmp(buf,pat,patlen)==0)
-        return (char*)buf - (char*)start_buff;
-      buf=(char*)buf+1;
+        return (const char*)buf - (const char*)start_buff;
+      buf=(const char*)buf+1;
+      buflen = (const char*)end - (const char*)buf;
     }
     return 0;
   }
author	moneromooo-monero <moneromooo-monero@users.noreply.github.com>	2014-10-06 10:27:34 +0100
committer	moneromooo-monero <moneromooo-monero@users.noreply.github.com>	2014-10-06 14:57:49 +0100
commit	add803be89c1538d4b98d3fc0e25930b96a78fb2 (patch)
tree	1c714af754522b7374afcb046db8940dff6cebd1 /src/rpc/core_rpc_server.cpp
parent	Merge pull request #170 (diff)
download	monero-add803be89c1538d4b98d3fc0e25930b96a78fb2.tar.xz